Skip to main content
U.S. flag

An official website of the United States government

Audit Reports

Date

Quality Control Review of the Management Letter for the Audit of the Federal Aviation Administration’s Fiscal Years 2014 and 2013 Financial Statements

Requested By
Required by the Chief Financial Officers Act of 1990
Project ID
QC2015037
File Attachment

We conducted a quality control review of the management letter related to the Federal Aviation Administration’s (FAA) financial statements for fiscal years 2014 and 2013. KPMG LLP, under contract to our office, conducted the audit of these statements. The internal control matters that KPMG identified in its management letter were not required to be reported in the independent audit report on FAA’s financial statements.

Recommendations

Closed on
No. 1 to FAA
Finalize the policies and procedures that specify the number of days within which property identified for disposal should be retired and recorded in the general ledger.
Closed on
No. 2 to FAA
Provide training to the various regions and property owners once the policies and procedures noted in recommendations 1 above are finalized and implemented.
Closed on
No. 3 to FAA
Perform alternative procedures to assess the materiality of depreciation expense and loss on retirements for assets that were retired in prior years; but, have not been recorded in the general ledger until the current year.
Closed on
No. 4 to FAA
KPMG recommends that FAA complete a more detailed review of manual journal entries to verify the entry was made in accordance with the appropriate USSGL transaction code.
Closed on
No. 5 to FAA
KPMG recommends that FAA identify all procedures previously provided by Bureau of Fiscal Services (BFS) to account for the activities of the AATF and incorporate those procedures into the FAA's financial reporting process.
Closed on
No. 6 to FAA
Develop and implement a process to formally identify, assess, and document the impact of errors, misclassifications and departures from GAAP in the financial statements and accompanying notes, including an assessment as to whether the errors are material in relation to the financial statements as a whole, both in current and future periods.  The assessment should be reviewed by an appropriate level of management.
Closed on
No. 7 to FAA
KPMG recommends FAA develop and implement monitoring controls to ensure costs and revenues are mapped to the appropriate strategic priority.
Closed on
No. 8 to FAA
KPMG recommends FAA enhance policies and procedures related to the review of journal vouchers to include a requirement that the initial review of journal vouchers occur before the journal voucher is posted to the general ledger.
Closed on
No. 9 to FAA
KPMG recommends FAA revise policies and procedures to clarify or remove the second-level review requirement.
Closed on
No. 10 to FAA
KPMG recommends FAA continue to emphasize the timely de-obligation of inactive UDOs through training and communication to the various lines of business.
Closed on
No. 11 to FAA
KPMG recommends FAA continue to perform quarterly obligation reviews to monitor the validity of inactive UDOs.
Closed on
No. 12 to FAA
KPMG recommends FAA correct the set-up of the vendor-trading partner in the vendor table.
Closed on
No. 13 to FAA
KPMG recommends FAA develop and implement policies and procedures to accumulate a listing of new sites identified during the Environmental Site Cleanup Report (ESCR) preparation period and to assess the impact of the new sites to the Environmental Remediation (ER) liability.
Closed on
No. 14 to FAA
KPMG recommends FAA develop and implement policies and procedures to specify the number of days within which the checklists related to new sites should be reviewed.
Closed on
No. 15 to FAA
Enhance their policies and procedures to include the nature and extent of monitoring procedures to be performed by the Regional Office/Airport District Office during their quarterly review of payments made by sponsors with a nominal risk level.
Closed on
No. 16 to FAA
Enhance monitoring procedures to ensure that expenses are recorded in the proper period and accruals are complete.
Closed on
No. 17 to FAA
KPMG recommends that the FAA Oklahoma City Enterprise Center enhance its monitoring controls to ensure that someone other that the Human Resource Specialist who prepares the SF50 (Notification of Personnel Action) review the SF50 to verify the information from the employee election form is properly recorded.
Closed on
No. 18 to FAA
KPMG recommends FAA design and implement procedures to validate the completeness and accuracy of key inputs provided by other organizations within FAA, including a periodic review of the key assumptions.
Closed on
No. 19 to FAA
KPMG recommends FAA fully research and document its conclusions on the proper treatment of the sick leave buyback provisions in accordance with SFFAS No. 5.
Closed on
No. 20 to FAA
Ensure that all security weaknesses identified during reviews performed by or on behalf of the agency, including Government Accountability Office audits, financial audits, system status reports, and critical infrastructure vulnerability assessments are included in the Cyber Security Assessment Manager  POA&M tracker for LIS.
Closed on
No. 21 to FAA
KPMG recommends that FAA strengthen password complexity configurations for LIS and SOAR, in accordance with the DOT Cyber Security Compendium.
Closed on
No. 22 to FAA
KPMG recommends FAA obtain a waiver from the DOT Chief Information Officer to relieve FAA of the implementation requirements within the DOT Cyber Security Compendium.
Closed on
No. 23 to FAA
KPMG recommends that FAA update the LIS SSP to reflect the current security audit log mechanisms in place, and develop and implement procedures requiring periodic reviews of LIS audit logs. The procedures should include the items being reviewed and the frequency within which the reviews should occur.
Closed on
No. 24 to FAA
Perform semi-annual reviews of all privileged user accounts, and their associated access levels, in accordance with the DOT Cyber Security Compendium, and include documented approval(s).
Closed on
No. 25 to FAA
KPMG recommends that FAA develop and implement procedures for granting physical access to the data center.
Closed on
No. 26 to FAA
KPMG recommends that FAA develop and implement procedures for retaining authorizing documents for those individuals that are granted access.
Closed on
No. 27 to FAA
KPMG recommends that FAA develop and implement procedures for performing periodic reviews of access rights for existing data center users.
Closed on
No. 28 to FAA
KPMG recommend that the FAA management develop and implement procedures that require the timely notification of LIS administrator(s) when LIS users are terminated and/or it is determined that a user's access to LIS is no longer required.